+ Post New Thread
Results 1 to 5 of 5
Windows 7 Thread, Lockdown windows 7 in Technical; Hi Everyone I am currently running a windows 2003 domain with windows xp clients, but am testing one windows 7 ...
  1. #1
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,475
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    52

    Lockdown windows 7

    Hi Everyone

    I am currently running a windows 2003 domain with windows xp clients, but am testing one windows 7 machine to see how it compares with our current hardware and software.

    I know I should upgrade the domain to windows 2008 before rolling windows 7 out but for testing I am ok.

    What settings have people used to secure the windows 7 machines and will adding extra settings to the users policies affect the users when they log onto windows xp machines.

    Thanks for all your help.

    Richard

  2. #2
    kennysarmy's Avatar
    Join Date
    Oct 2005
    Location
    UK
    Posts
    1,286
    Thank Post
    80
    Thanked 45 Times in 31 Posts
    Rep Power
    30
    I am interested in this too.....

    and also in what cons there are to running windows 7 still under 2003?

  3. #3

    Join Date
    May 2009
    Location
    England
    Posts
    264
    Thank Post
    58
    Thanked 36 Times in 35 Posts
    Rep Power
    19
    I have been told that without server 2008 a number of group policy issues will appear, and without server 2008 r2 you cant use vb logon scripts with windows 7.

  4. #4

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,044
    Thank Post
    853
    Thanked 2,666 Times in 2,263 Posts
    Blog Entries
    9
    Rep Power
    767
    I use seporate policies for XP and 7 because it is much easier. Just use a WMI filter for each of the user assigned policies.
    Quote Originally Posted by SYNACK View Post
    If you have already deployed Vista then just update those policies. If you are comming from XP there is so much more in them that it is better to start from scratch as otherwise you can end up with crazy defaults.

    If you have some XP machines remaining then use a WMI filter on the user GPO policies to filter out just the XP and Just the 7 ones so that it all works together smoothly - a seporate user policy for 7 /Vista and XP.
    Root\CimV2; Select * from Win32_OperatingSystem where Caption = "Microsoft Windows XP Professional"
    http://technet.microsoft.com/en-us/library/cc779036(WS.10).aspx
    Quote Originally Posted by SYNACK View Post
    I have two separate policies for users which are filtered by which OS the user is logged in with. If they are logged in to an XP box they get one setup and if Vista a completely different policy. I found that much of the stuff that I set up for XP simply made stuff more tricky in Vista hence the separation.

    I have the Vista machines in completely separate containers so I don't need the filter on the machine polices but as the users are all in the same place and can log in to either I set up the filtering.

    James.Random() : How to detect Vista and Longhorn with WMI Filters
    RE: Exclude Vista from GPO - ReadList.com
    As to using 2003 server so long as you update the central policy share in sysvol it works fine as I have a client setup this this. They were limited in uprade path by some especially helpful education software

    Quote Originally Posted by SYNACK View Post
    Just dump RSAT (below) on your system and you can configure them through the group policy managment snapin that it installs
    http://www.microsoft.com/downloads/details.aspx?FamilyID=7D2F6AD7-656B-4313-A005-4E344E43997D&displaylang=en

    You can also create a policy store if it is not there already to make the whole thing more efficient and centralize the templates
    Creating a Group Policy Central Store for Windows Vista and Server 2008
    Last edited by SYNACK; 20th January 2010 at 01:36 PM.

  5. #5
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,196
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    You can manage Windows 7 boxes on a Server 2003 domain but you must manage the GPO's from a Windows 7 box with the admin tools installed. You don't 'have' to use the central store either.

    Take a look at the An Alternative to the Central Store section in the link below. This is a good article on this subject.

    http://blogs.technet.com/askds/archi...ral-store.aspx

    As it states you can have a 2003 or 2008 domain and manage your Windows 7 boxes from either a Windows 7 machine or even better a 2008 R2 box with the admin tools installed, then you just connect to this via RDP when you want to manage GPO's.
    Last edited by cookie_monster; 20th January 2010 at 01:43 PM.

  6. Thanks to cookie_monster from:

    ricki (20th January 2010)

SHARE:
+ Post New Thread

Similar Threads

  1. Lockdown XP Home
    By cookie_monster in forum Windows
    Replies: 4
    Last Post: 8th January 2010, 08:36 AM
  2. How do you lockdown firefox?
    By FN-GM in forum How do you do....it?
    Replies: 12
    Last Post: 16th June 2009, 10:34 AM
  3. PC Lockdown
    By mattaylor in forum Network and Classroom Management
    Replies: 1
    Last Post: 16th June 2008, 07:13 PM
  4. Right-click lockdown
    By Crispness in forum Windows
    Replies: 26
    Last Post: 27th February 2008, 06:49 PM
  5. PC Lockdown
    By Grommit in forum Windows
    Replies: 6
    Last Post: 21st January 2007, 10:53 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •